CVE-2024-39227
CRITICALDescription
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| gl-inet | mt6000_firmware |
| gl-inet | mt6000 |
| gl-inet | a1300_firmware |
| gl-inet | a1300 |
| gl-inet | x300b_firmware |
| gl-inet | x300b |
| gl-inet | ax1800_firmware |
| gl-inet | ax1800 |
| gl-inet | axt1800_firmware |
| gl-inet | axt1800 |
| gl-inet | mt2500_firmware |
| gl-inet | mt2500 |
| gl-inet | mt3000_firmware |
| gl-inet | mt3000 |
| gl-inet | x3000_firmware |
| gl-inet | x3000 |
| gl-inet | xe3000_firmware |
| gl-inet | xe3000 |
| gl-inet | xe300_firmware |
| gl-inet | xe300 |
| gl-inet | e750_firmware |
| gl-inet | e750 |
| gl-inet | x750_firmware |
| gl-inet | x750 |
| gl-inet | sft1200_firmware |
| gl-inet | sft1200 |
| gl-inet | ar300m_firmware |
| gl-inet | ar300m |
| gl-inet | ar300m16_firmware |
| gl-inet | ar300m16 |
| gl-inet | ar750_firmware |
| gl-inet | ar750 |
| gl-inet | ar750s_firmware |
| gl-inet | ar750s |
| gl-inet | b1300_firmware |
| gl-inet | b1300 |
| gl-inet | mt1300_firmware |
| gl-inet | mt1300 |
| gl-inet | mt300n-v2_firmware |
| gl-inet | mt300n-v2 |
| gl-inet | ap1300_firmware |
| gl-inet | ap1300 |
| gl-inet | b2200_firmware |
| gl-inet | b2200 |
| gl-inet | mv1000_firmware |
| gl-inet | mv1000 |
| gl-inet | mv1000w_firmware |
| gl-inet | mv1000w |
| gl-inet | usb150_firmware |
| gl-inet | usb150 |
| gl-inet | sf1200_firmware |
| gl-inet | sf1200 |
| gl-inet | n300_firmware |
| gl-inet | n300 |
| gl-inet | s1300_firmware |
| gl-inet | s1300 |
References
Frequently Asked Questions
What is CVE-2024-39227? +
How severe is CVE-2024-39227? +
What products are affected by CVE-2024-39227? +
How do I check if I'm vulnerable to CVE-2024-39227? +
Related Vulnerabilities
Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which matches …
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote …
Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated …
Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2.
Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web …
Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed …